Responsible Disclosure at Westpac

Our approach

Westpac takes the protection of its customer information and confidential information very seriously.

We have rigorous security measures in place that protect the privacy and confidentiality of our customers, including industry best practice security and fraud detection techniques.

We also constantly monitor the environment for emerging cyber threats, security issues and potential vulnerabilities across the Westpac Group.

Our customers and others outside the organisation play an important role in providing us with information that supports our continuous efforts to keep our customers’ information safe and secure.

What to do if you receive a phishing or hoax email or SMS?

Customers may receive phishing or hoax emails, SMS or other correspondence from third-parties that may seek to impersonate our brand for the purposes of extracting information, or money from customers. If you have received a hoax or phishing email or SMS, forward it through to hoax@westpac.com.au, SMS it to 0497 132 032. Please visit theFraud and Scams page to read more.

What to do if you have other information relating to potential security threats or issues?

We welcome any information you have on suspected cyber threats, or security issues. If you would like to report a suspected cyber threat, security issue or vulnerability, please send an email with the information to: vulnerability@westpac.com.au. When making your report, please include as much detail as possible to assist us.

To help us to action your concerns outlined in your report, we recommend you follow our Submission Guidelines outlined below.

Please include the following information in your report:

Your name and contact information (optional).

Date and time the suspected security issue or vulnerability was discovered.

IP address used when the suspected security issue or vulnerability was discovered.

A detailed description of the suspected security issue.

Vulnerable URL/application.

Vulnerable parameter (if applicable).

Step-by-step instructions to reproduce the vulnerability.

What happens next?

We will firstly assess the report, based on any potential risks that it poses to Westpac or its customers. If you choose to share your name and contact details, we will contact you within a reasonable time to acknowledge we’ve received your report, and to discuss how we intend to resolve the issue.

Westpac appreciates your assistance in reporting suspected cyber threats, security issues and vulnerabilities. However, there are circumstances where we will not investigate all reported suspected cyber threats and security issues.

Privacy

If we decide to investigate your report further or require more information, we may use your personal information to contact you about your report. We are bound by the Privacy Act and will protect your personal information in accordance with the Australian Privacy Principles. These principles govern how we can collect, use, hold and disclose your personal information. Our privacy policy is available at westpac.com.au or by calling 132 032.

Conditions, fees and charges apply. These may change or we may introduce new ones in the future. Full details are available on request. Lending criteria apply to approval of credit products. This information does not take your personal objectives, circumstances or needs into account. Consider its appropriateness to these factors before acting on it. Read the disclosure documents for your selected product or service, including the Terms and Conditions or Product Disclosure Statement, before deciding. Unless otherwise specified, the products and services described on this website are available only in Australia from Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian credit licence 233714.